DaemonForums  

Go Back   DaemonForums > FreeBSD > FreeBSD General

FreeBSD General Other questions regarding FreeBSD which do not fit in any of the categories below.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 4th July 2008
carpman carpman is offline
Shell Scout
 
Join Date: Jul 2008
Posts: 94
Default can't set clock?

Hello, ok my server went down after the power switch in rack it was in at hoster was tripped.

I find that on reboot the system time is wrong:
Quote:
# date
Tue 14 Oct 2003 10:30:10 BST

if try and reset date it says

Quote:
date 0807041933
date: can't reach time daemon, time set locally
Fri 4 Jul 2008 19:33:00 BST

but on checking date again it appears not to have changed?

Quote:
# date
Tue 14 Oct 2003 10:31:11 BST


any ideas?

cheers
Reply With Quote
  #2   (View Single Post)  
Old 5th July 2008
phoenix's Avatar
phoenix phoenix is offline
Risen from the ashes
 
Join Date: May 2008
Posts: 696
Default

Are you running date as root? From a normal (-1 or 0) securelevel?
__________________
Freddie

Help for FreeBSD: Handbook, FAQ, man pages, mailing lists.
Reply With Quote
  #3   (View Single Post)  
Old 5th July 2008
carpman carpman is offline
Shell Scout
 
Join Date: Jul 2008
Posts: 94
Default

Thanks for reply, running as root, not sure what you mean by:

Quote:
From a normal (-1 or 0) securelevel?
Reply With Quote
  #4   (View Single Post)  
Old 5th July 2008
richardpl richardpl is offline
Spam Deminer
 
Join Date: May 2008
Location: Croatia
Posts: 284
Default

Did you enabled timed(8) ?
Reply With Quote
  #5   (View Single Post)  
Old 5th July 2008
carpman carpman is offline
Shell Scout
 
Join Date: Jul 2008
Posts: 94
Default

Not sure as server was setup for me, but will check.

Should add never had this problem before after reboot?
Reply With Quote
  #6   (View Single Post)  
Old 5th July 2008
carpman carpman is offline
Shell Scout
 
Join Date: Jul 2008
Posts: 94
Default

Ok appears that it is not installed, thing is i cannot compile as clock is out of sync.

I know this as tried to setup ntpd and the error i related to clock/time being incorrect?
Reply With Quote
  #7   (View Single Post)  
Old 5th July 2008
carpman carpman is offline
Shell Scout
 
Join Date: Jul 2008
Posts: 94
Default

Update, although pkg_info does not show 'timed' i found this is logs:

Quote:
Oct 15 03:09:20 cp timed[68110]: /usr/src/usr.sbin/timed/timed/acksend.c 110: sendto 85.234.157.255: Operation not permitted
Oct 15 03:09:20 cp last message repeated 8 times

Bear in mind date on server is incorrect.

cheers
Reply With Quote
  #8   (View Single Post)  
Old 5th July 2008
Carpetsmoker's Avatar
Carpetsmoker Carpetsmoker is offline
Real Name: Martin
Tcpdump Spy
 
Join Date: Apr 2008
Location: Netherlands
Posts: 2,243
Default

Quote:
Originally Posted by carpman
Thanks for reply, running as root, not sure what you mean by:

Quote:
Originally Posted by phoenix
From a normal (-1 or 0) securelevel?
What is the output of:
% sysctl kern.securelevel

See init(8)
__________________
UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things.
Reply With Quote
  #9   (View Single Post)  
Old 5th July 2008
BSDfan666 BSDfan666 is offline
Real Name: N/A, this is the interweb.
Banned
 
Join Date: Apr 2008
Location: Ontario, Canada
Posts: 2,223
Default

Am I the only one who thinks this user might be running inside of a jail? not a truly dedicated FreeBSD box?
Reply With Quote
Old 5th July 2008
carpman carpman is offline
Shell Scout
 
Join Date: Jul 2008
Posts: 94
Default

Hello, and thanks for replies.

This true freebsd box running 6.2 with hsphere CP

output is:

Quote:
# sysctl kern.securelevel
kern.securelevel: 2
Reply With Quote
Old 5th July 2008
Carpetsmoker's Avatar
Carpetsmoker Carpetsmoker is offline
Real Name: Martin
Tcpdump Spy
 
Join Date: Apr 2008
Location: Netherlands
Posts: 2,243
Default

You can't set the clock with a securelevel of 2 or higher, from init(8):

Code:
     The kernel runs with five different levels of security.  Any super-user
     process can raise the security level, but no process can lower it.  The
     security levels are:
[...]
     2     Highly secure mode - same as secure mode, plus disks may not be
           opened for writing (except by mount(2)) whether mounted or not.
           This level precludes tampering with file systems by unmounting
           them, but also inhibits running newfs(8) while the system is multi-
           user.

           In addition, kernel time changes are restricted to less than or
           equal to one second.  Attempts to change the time by more than this
           will log the message ``Time adjustment clamped to +1 second''.
You will need to boot in single-user mode and set the clock, or use a rc startup script and reboot.
__________________
UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things.
Reply With Quote
Old 5th July 2008
carpman carpman is offline
Shell Scout
 
Join Date: Jul 2008
Posts: 94
Default

Ok cheers, trouble is i can't reboot into single mode as it is remote server, can't compile as time is wrong, i could try adding pkg instead of compiling but still letf with issue of why time is wrong?

will try installing pkg ntpd
Reply With Quote
Old 5th July 2008
Carpetsmoker's Avatar
Carpetsmoker Carpetsmoker is offline
Real Name: Martin
Tcpdump Spy
 
Join Date: Apr 2008
Location: Netherlands
Posts: 2,243
Default

No, that won't help, unless you manage to find a bug/security issue, there is no way to set the time with securelevel at 2.
__________________
UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things.
Reply With Quote
Old 5th July 2008
carpman carpman is offline
Shell Scout
 
Join Date: Jul 2008
Posts: 94
Default

Ok i got openntpd installed and added following to rc.conf


Quote:
ntpdate_enable="YES"
ntpdate_flags="-b 1.uk.pool.ntp.org chronos.csr.net audaxsystems.co.uk "
The i rebooted but still the same old date ?

From what read in Freebsd handbook ntpdate is best option for big change in time even when using ntpd.

cheers
Reply With Quote
Old 5th July 2008
carpman carpman is offline
Shell Scout
 
Join Date: Jul 2008
Posts: 94
Default

Quote:
Originally Posted by Carpetsmoker View Post
No, that won't help, unless you manage to find a bug/security issue, there is no way to set the time with securelevel at 2.
so how am going to change the time?

Does this mean i am going to have to go into data center and change it?

cheers
Reply With Quote
Old 5th July 2008
carpman carpman is offline
Shell Scout
 
Join Date: Jul 2008
Posts: 94
Default

Note running ntpdate from console gives:

Quote:
ntpdate
15 Oct 14:50:22 ntpdate[1799]: no servers can be used, exiting
Reply With Quote
Old 5th July 2008
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,125
Default

You are having the same problem as me some time ago: reading the wrong man pages
See http://www.bsdforums.org/forums/showthread.php?t=47395 for a tip of Phoenix to locate the man pages of OpenNTPD.

Or see http://www.freebsd.org/cgi/man.cgi?q...SE&format=html which says
Quote:
ntpd is usually started at boot time, and can be enabled by setting the
following in /etc/rc.conf:

openntpd_enable="YES"
You can set the time with the following in "/etc/rc.conf
Code:
openntpd_flags="-s"
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote
Old 5th July 2008
robbak's Avatar
robbak robbak is offline
Real Name: Robert Backhaus
VPN Cryptographer
 
Join Date: May 2008
Location: North Queensland, Australia
Posts: 366
Default

Basically, work out where securelevels have been set, adjust that setting, and reboot. Provided your security-paranoic predecessor hasn't also locked that down.....

The general way is using rc.conf. there are two securelevel settings there:
Code:
 kern_securelevel_enable
                 (bool) Set to ``YES'' to set the kernel security level at
                 system startup.

     kern_securelevel
                 (int) The kernel security level to set at startup.  The
                 allowed range of value ranges from -1 (the compile time
                 default) to 3 (the most secure).  See init(8) for the list of
                 possible security levels and their effect on system opera-
                 tion.
Best of luck......
__________________
The only dumb question is a question not asked.
The only dumb answer is an answer not given.
Reply With Quote
Old 6th July 2008
carpman carpman is offline
Shell Scout
 
Join Date: Jul 2008
Posts: 94
Default

Thanks for replies, ok i tried adding following to rc.conf but no joy

Quote:
openntpd_enable="YES"
openntpd_flags="-s"

Looks like i am going to have to look at secure levels, which not something i wanted to play with.


cheers
Reply With Quote
Old 6th July 2008
BSDfan666 BSDfan666 is offline
Real Name: N/A, this is the interweb.
Banned
 
Join Date: Apr 2008
Location: Ontario, Canada
Posts: 2,223
Default

All of those programs change the time using the same API, and if you *read* the advice offered to you by Carpetsmoker you would have fixed this much sooner.

Clearly the previous maintainer ran the system at a higher level for some reason, consider lowering it, setting the time, and then returning to the higher value.

This will require modifying configuration files.
Reply With Quote
Reply

Tags
clock, date, ntpd, openntpd, securelevel

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
configure clock in xfce delboy FreeBSD General 7 3rd September 2008 06:36 PM


All times are GMT. The time now is 09:12 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick